<?php
/**
 * gpa_demo Description
 * @package 
 * @name imagecomment
 * @filesource image-comment.php
 * @author Meta Sanjaya
 */

if(count($_POST) && isset($_SESSION['user']['user_id'])) {
    $post = $_POST;
    $iid = intval($_GET['iid']);
    $comment = escape(htmlspecialchars($post['comment-field']));
    $uid = $_SESSION['user']['user_id'];

    $db->query("INSERT INTO #_comment_users_comments SET user_id='$uid', comment='$comment'");
    $cid = $db->getInsertId();

    $db->query("INSERT INTO #_comment_image_comments SET image_id='$iid', comment_id='$cid'");
    echo "comment added!";
} else {
   echo "failed!";
}

?>
